Forum Discussion
nov1ce_120072
Nimbostratus
NimbostratusActive/standby question
Hello,
We have a pair of BIG-IP LTM 3900 appliances (10.2.2 build 763.3) configured in active/standby mode. Floating IP is on. On the active unit: System > High Availability > Network Failover is enabled, Peer Management Address points to the standby unit, and under Unicast there are dmz and management networks defined:
dmz|Self IP address from DMZ VLAN|Floating IP address from DMZ VLAN|1026 management|Self IP address from Management VLAN|Floating IP address from Management VLAN|1026
Everything is working fine, I just have a question: is it normal that I see the same traffic load on the DMZ interface of standby unit?
Thank you.
yes, it is connection mirroring.
sol13478: Overview of connection and persistence mirroring (11.x)
http://support.f5.com/kb/en-us/solutions/public/13000/400/sol13478.htmlwhen using connection mirror, ingress traffic can be seen on standby unit.
Packets on the active BIG-IP that require mirroring are transmitted to the standby unit. The standby unit then processes the traffic through the inbound side of the TCP stack and hands it off to TMM as if it were the active unit. However, the output stack is disconnected, and no trafffic is actually sent on the wire. This process allows the standby unit to maintain full state information for the mirrored connections in order to fail over seamlessly.sol9701: The tcpdump utility with a VLAN filter on the standby unit may capture load-balanced traffic
http://support.f5.com/kb/en-us/solutions/public/9000/700/sol9701.html
nitassEmployee
is it normal that I see the same traffic load on the DMZ interface of standby unit?
are you using connection mirroring?
nov1ce_120072Thanks! Do you mean Network Mirroring? Yes, it has self and peer IP addresses configured.
nitass_89166Noctilucent
is it normal that I see the same traffic load on the DMZ interface of standby unit?
are you using connection mirroring?
- nov1ce_120072Thanks! Do you mean Network Mirroring? Yes, it has self and peer IP addresses configured.
- nitass
yes, it is connection mirroring.
sol13478: Overview of connection and persistence mirroring (11.x)
http://support.f5.com/kb/en-us/solutions/public/13000/400/sol13478.htmlwhen using connection mirror, ingress traffic can be seen on standby unit.
Packets on the active BIG-IP that require mirroring are transmitted to the standby unit. The standby unit then processes the traffic through the inbound side of the TCP stack and hands it off to TMM as if it were the active unit. However, the output stack is disconnected, and no trafffic is actually sent on the wire. This process allows the standby unit to maintain full state information for the mirrored connections in order to fail over seamlessly.sol9701: The tcpdump utility with a VLAN filter on the standby unit may capture load-balanced traffic
http://support.f5.com/kb/en-us/solutions/public/9000/700/sol9701.html- nov1ce_120072Thank you!
- nitass_89166
yes, it is connection mirroring.
sol13478: Overview of connection and persistence mirroring (11.x)
http://support.f5.com/kb/en-us/solutions/public/13000/400/sol13478.htmlwhen using connection mirror, ingress traffic can be seen on standby unit.
Packets on the active BIG-IP that require mirroring are transmitted to the standby unit. The standby unit then processes the traffic through the inbound side of the TCP stack and hands it off to TMM as if it were the active unit. However, the output stack is disconnected, and no trafffic is actually sent on the wire. This process allows the standby unit to maintain full state information for the mirrored connections in order to fail over seamlessly.sol9701: The tcpdump utility with a VLAN filter on the standby unit may capture load-balanced traffic
http://support.f5.com/kb/en-us/solutions/public/9000/700/sol9701.html- nov1ce_120072Thank you!